From a2b46b2883b717bd626ae6f84ca0e29e4822a9d8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 5 Nov 2019 14:41:58 -0500
Subject: [PATCH] import
 libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab

---
 ...an-error-when-failed-to-build-the-mo.patch | 63 +++++++++++++++++++
 SPECS/libguestfs-winsupport.spec              | 15 ++++-
 2 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch

diff --git a/SOURCES/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch b/SOURCES/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
new file mode 100644
index 0000000..1a90ba1
--- /dev/null
+++ b/SOURCES/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
@@ -0,0 +1,63 @@
+From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
+Date: Wed, 19 Dec 2018 15:57:50 +0100
+Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
+
+The size check was inefficient because getcwd() uses an unsigned int
+argument.
+---
+ src/lowntfs-3g.c | 6 +++++-
+ src/ntfs-3g.c    | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
+index 993867fa..0660439b 100644
+--- a/src/lowntfs-3g.c
++++ b/src/lowntfs-3g.c
+@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[])
+ 	else {
+ 		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ 		if (ctx->abs_mnt_point) {
+-			if (getcwd(ctx->abs_mnt_point,
++			if ((strlen(opts.mnt_point) < PATH_MAX)
++			    && getcwd(ctx->abs_mnt_point,
+ 				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ 				strcat(ctx->abs_mnt_point, "/");
+ 				strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[])
+ 			/* Solaris also wants the absolute mount point */
+ 				opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++			} else {
++				free(ctx->abs_mnt_point);
++				ctx->abs_mnt_point = (char*)NULL;
+ 			}
+ 		}
+ 	}
+diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
+index 6ce89fef..4e0912ae 100644
+--- a/src/ntfs-3g.c
++++ b/src/ntfs-3g.c
+@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[])
+ 	else {
+ 		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ 		if (ctx->abs_mnt_point) {
+-			if (getcwd(ctx->abs_mnt_point,
++			if ((strlen(opts.mnt_point) < PATH_MAX)
++			    && getcwd(ctx->abs_mnt_point,
+ 				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ 				strcat(ctx->abs_mnt_point, "/");
+ 				strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[])
+ 			/* Solaris also wants the absolute mount point */
+ 				opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++			} else {
++				free(ctx->abs_mnt_point);
++				ctx->abs_mnt_point = (char*)NULL;
+ 			}
+ 		}
+ 	}
+-- 
+2.20.1
+
diff --git a/SPECS/libguestfs-winsupport.spec b/SPECS/libguestfs-winsupport.spec
index 5e003af..7055861 100644
--- a/SPECS/libguestfs-winsupport.spec
+++ b/SPECS/libguestfs-winsupport.spec
@@ -5,7 +5,7 @@
 
 Name:           libguestfs-winsupport
 Version:        8.0
-Release:        2%{?dist}
+Release:        4%{?dist}
 Summary:        Add support for Windows guests to virt-v2v and virt-p2v
 
 URL:            http://www.ntfs-3g.org/
@@ -25,6 +25,8 @@ Patch2:         ntfs-3g-big-sectors.patch
 # Discussed with upstream developer but not upstream yet, see:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1601146#c4
 Patch3:         ntfsclone-full-clusters-bz1601146.patch
+# CVE-2019-9755 (https://bugzilla.redhat.com/show_bug.cgi?id=1698502)
+Patch4:         0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
 BuildRequires:  libtool, libattr-devel
 BuildRequires:  libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
 
@@ -40,6 +42,7 @@ virt-v2v and virt-p2v programs.
 %patch1 -p0 -b .check-mftmirr
 %patch2 -p0 -b .big-sectors
 %patch3 -p0 -b .ntfsclone
+%patch4 -p1
 
 
 %build
@@ -103,6 +106,16 @@ popd
 
 
 %changelog
+* Fri Jun 28 2019 Danilo de Paula <ddepaula@redhat.com> - 8.0-4
+- Rebuild all virt packages to fix RHEL's upgrade path
+- Resolves: rhbz#1695587
+  (Ensure modular RPM upgrade path)
+
+* Wed Apr 10 2019 Richard W.M. Jones <rjones@redhat.com> - 8.0-3
+- Fix for CVE-2019-9755
+  (heap-based buffer overflow leads to local root privilege escalation)
+  resolves: rhbz#1698503
+
 * Mon Jul 16 2018 Richard W.M. Jones <rjones@redhat.com> - 8.0-2
 - Fix for ntfsclone crash (RHBZ#1601146).